$(document).ready(function () {
	/*
	 * DEFAULTS
	 */
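	/*
	 * Tag name -> list of feed entries carrying that tag. Rebuilt from the feed
	 * by json_xss_exploits_handler(); the select-box handlers below index into
	 * it by category name and option position.
	 */
	var xss_tags = {};
	/*
	 * Remote feed. It is pulled in via $.include at the bottom of this file,
	 * i.e. as a script from a third-party host over plain HTTP, so its content
	 * runs with the privileges of this page and can be altered in transit.
	 * Treat every value it delivers as untrusted.
	 */
	var xss_json_feed = 'http://xssdb.dabbledb.com/publish/attackdb/dc23ad51-25ef-4fdc-92be-4a7cb606387e/xssdb.json';

	$.extend($.blockUI.defaults.overlayCSS, {backgroundColor: '#000000', opacity: '0.5', cursor: 'auto'});
	$.extend($.blockUI.defaults.pageMessageCSS, {backgroundColor: '#000000', color: '#999999', cursor: 'auto', border: 'none', textAlign: 'left'});

	/*
	 * Receiver for the feed. Deliberately global - assigned on window rather
	 * than leaked through an undeclared assignment - because the feed script
	 * is presumably what calls Dabble.addView() once it has loaded.
	 */
	window.Dabble = {};
	window.Dabble.addView = function (view) {
		// A missing entries list is treated as an empty feed instead of throwing.
		var xss_data = (view && view.entries) || [];

		json_xss_exploits_handler(xss_data);
		$('#count').html(xss_data.length);
	};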

	/*
	 * HELPERS
	 */
	/*
	 * Escape a string for insertion as HTML *text* by letting the browser
	 * serialise a text node. Relies on the DOM's text serialisation, which
	 * encodes '&', '<' and '>' but leaves quotes alone, so use it for element
	 * content rather than for attribute values.
	 */
	function escapeHTML(t) {
		var holder = document.createElement('div');
		holder.appendChild(document.createTextNode(t));
		return holder.innerHTML;
	}

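	/*
	 * Group the feed entries by tag and repopulate the category <select>.
	 *
	 * d: array of feed entries. Each entry's values['3'] is read as a
	 *    comma-separated tag list; an empty list files the entry under
	 *    'general'. The data comes from the remote feed and is untrusted.
	 *
	 * Side effects: replaces xss_tags, rewrites the options of
	 * select[name="category"] and restores the previously selected index so a
	 * reload of the feed does not reset the UI.
	 */
	function json_xss_exploits_handler(d) {
		var entries = d || [];
		var categorySelect = $('select[@name="category"]');

		// Null-prototype object: tag names are feed-supplied, so a key such as
		// '__proto__' or 'constructor' must behave like any other tag instead of
		// reaching Object.prototype.
		xss_tags = Object.create(null);

		for (var i = 0; i < entries.length; i++) {
			var exploit = entries[i];
			var values = (exploit && exploit.values) || {};
			var tagList = String(values['3'] || '').split(/\s*,\s*/);

			if (tagList[0] === '') {
				tagList[0] = 'general';
			}

			for (var ti = 0; ti < tagList.length; ti++) {
				var tagName = tagList[ti];

				// A trailing comma or ',,' would otherwise create a '' category.
				if (tagName === '') {
					continue;
				}

				if (!xss_tags[tagName]) {
					xss_tags[tagName] = [];
				}

				xss_tags[tagName].push(exploit);
			}
		}

		// Remember the selection so rebuilding the options does not lose it.
		var previousIndex = categorySelect.get(0).selectedIndex;

		categorySelect.html('');

		for (var name in xss_tags) {
			categorySelect.addOption(name, name, false);
		}

		if (previousIndex >= 0) {
			categorySelect.get(0).selectedIndex = previousIndex;
		}
	}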

	/*
	 * ADD XSS PAYLOAD
	 */
	$('#navigation li a[@href="#add-xss-exploit"]').click(function () {
		// The submission form is a separate document, shown in a lightbox.
		var frame = $('<iframe height="420px" width="800px" class="frame" style="background:#FFFFFF;overflow-x:hidden;margin:0;padding:0;" frameborder="0" scrolling="auto" src="form-xss.htm"></iframe>');

		frame.appendTo(document.body);
		frame.displayBox();

		// Suppress the default navigation to the '#add-xss-exploit' fragment.
		return false;
	});

	/*
	 * XSS TESTER
	 */
	var showTester = function () {
		$('#xss-tester').fadeIn();
		return false;
	};
	var hideTester = function () {
		$('#xss-tester').fadeOut();
		return false;
	};

	// jQuery's two-handler toggle: successive clicks alternate between the two.
	$('#navigation li a[@href="#xss-tester"]').toggle(showTester, hideTester);

	// Tooltip plugin hints on the tester's fields (URL and body lines switched off).
	$('#xss-tester input, #xss-tester textarea').Tooltip({extraClass: 'message tooltip', showURL: false, showBody: false});

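	/*
	 * Run the selected payload against the URL typed into the tester.
	 *
	 * The HTTP method comes from the clicked button's name attribute
	 * ('btnTestGET' / 'btnTestPOST' -> 'GET' / 'POST'). The request is relayed
	 * through the external gnucitizen csrf utility, so the target URL and the
	 * parameters leave this page; the result is shown in a lightboxed iframe.
	 */
	$('#xss-tester [@name="btnTestGET"], #xss-tester [@name="btnTestPOST"]').click(function () {
		var cat = $('select[@name="category"]').val();
		var ind = $('select[@name="name"]').get(0).selectedIndex;
		var payloads = xss_tags[cat];

		// Both selects must point at an existing entry; before the feed has
		// loaded the category is undefined and the lookup used to throw.
		// Every early exit returns false, like the normal path, so the click
		// never falls through to a default action.
		if (!payloads || ind < 0 || ind >= payloads.length) {
			alert('Please select attack payload first!');
			return false;
		}

		var exploit = payloads[ind];
		var method = $(this).attr('name').substring(7);
		var url = $('#xss-tester [@name="url"]').val();

		if ($.trim(url) === '') {
			alert('Please specify URL to attack!');
			return false;
		}

		// NOTE(review): elsewhere in this file values['2'] is rendered as the
		// description and values['1'] as the payload string - confirm which
		// index the {xss} placeholder is meant to receive.
		var parameters = $('#xss-tester [@name="parameters"]').val().replace(/\{xss\}/, exploit.values['2']);

		if ($.trim(parameters) === '') {
			alert('Please specify parameters to use!');
			return false;
		}

		// encodeURIComponent rather than the deprecated escape(): escape() leaves
		// '+' and '/' unencoded and emits non-standard %uXXXX sequences for
		// characters outside Latin-1. 'parameters' is appended as typed since it
		// is already a query string.
		var relayUrl = 'http://www.gnucitizen.org/util/csrf?_method=' + encodeURIComponent(method)
			+ '&_url=' + encodeURIComponent(url) + '&' + parameters;

		$('<iframe height="400px" width="700px" class="frame" style="background:#FFFFFF;overflow-x:hidden;margin:0;padding:0;" frameborder="0" scrolling="auto"></iframe>')
			.attr('src', relayUrl)
			.appendTo(document.body)
			.displayBox();

		return false;
	});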

	/*
	 * PAYLOAD SELECTORS
	 */
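	/*
	 * When the category changes, list the names (values['0']) of the payloads
	 * filed under it in the name <select>. An unknown or not-yet-loaded
	 * category yields an empty list instead of throwing.
	 */
	$('select[@name="category"]').change(function () {
		var category = $(this).val();
		var nameSelect = $('select[@name="name"]');
		var payloads = xss_tags[category] || [];

		nameSelect.html('');

		for (var i = 0; i < payloads.length; i++) {
			var label = payloads[i].values['0'];

			nameSelect.addOption(label, label, false);
		}
	});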

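	/*
	 * When a payload name is chosen, show its details:
	 *  - values['1'] as the payload string and values['2'] as the description,
	 *    both inserted as escaped text;
	 *  - a link that sends the payload through the public PHPIDS demo, opened
	 *    in a lightbox;
	 *  - the contributor (values['4']) as text, linked to values['5'] only when
	 *    that is an http(s) URL.
	 * All values come from the remote feed and are treated as untrusted.
	 */
	$('select[@name="name"]').change(function () {
		var cat = $('select[@name="category"]').val();
		var ind = this.selectedIndex;
		var payloads = xss_tags[cat];

		// Nothing selected (index -1) or a stale category: leave the view alone.
		if (!payloads || ind < 0 || ind >= payloads.length) {
			return;
		}

		var exploit = payloads[ind];
		var values = exploit.values || {};

		$('#exploit-string').html(escapeHTML(values['1']));
		$('#exploit-description').html(escapeHTML(values['2']));
		$('#external-integration').html('');

		// encodeURIComponent rather than the deprecated escape(): escape() leaves
		// '+' unencoded, which is typically decoded as a space on the receiving
		// side and so alters the string under test.
		var phpidsUrl = 'http://demo.php-ids.org/?mini&test=' + encodeURIComponent(values['1']);

		$('<a>&raquo; test with PHPIDS</a>')
			.appendTo('#external-integration')
			.attr('href', phpidsUrl)
			.click(function () {
				// Set src via attr() instead of splicing the URL into markup, so
				// the value can never break out of the attribute.
				$('<iframe height="470px" width="340px" class="frame" style="background:#FFFFFF;overflow-x:hidden" name="phpids" frameborder="0" scrolling="yes"></iframe>')
					.attr('src', $(this).attr('href'))
					.appendTo(document.body)
					.displayBox();

				return false;
			});

		$('<span> | </span>').appendTo('#external-integration');

		var contributor = escapeHTML(values['4']);
		var contributorUrl = String(values['5'] || '');

		// Only link http(s) URLs: the value is feed-supplied, and an unvalidated
		// href would let a 'javascript:' (or similar) scheme run in this page.
		// rel="noopener noreferrer" keeps the opened tab from reaching window.opener.
		if (/^https?:\/\//i.test(contributorUrl)) {
			$('<a target="_blank" rel="noopener noreferrer">&raquo; contributed by ' + contributor + '</a>')
				.appendTo('#external-integration')
				.attr('href', contributorUrl);
		} else {
			$('<span>&raquo; contributed by ' + contributor + '</span>')
				.appendTo('#external-integration');
		}

		$('#exploit-view').show();
	});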

	/*
	 * MAIN
	 */
    /*
     * Entry point: load the remote feed. $.include appears to fetch the URL as
     * a script (the feed is expected to call Dabble.addView(), defined above),
     * so whatever that host serves - over plain HTTP - executes in this page.
     */
    $.include(xss_json_feed);
});
